Asos lifts lid on its cyber security work
The days of plugging in a misconfigured firewall and relying on a couple of specialists to save the day are long gone. Now retailers need a team that proactively assesses security risk and can work with the whole organisation to address these issues.
So says George Mudie, Chief Information Security Officer at Asos. In a blog post, he comments: “You also need a team that has a passion for learning. Cyber security is continually evolving to meet the ever changing threats and advances in technology. At Asos, we’ve also got the pleasant business challenges of rapid global growth and the technical challenges of a micro services architecture.”
Virtually everything the pureplay does is in Microsoft Azure and the tech team has “gained a reputation for pushing Azure to its limits and producing an innovative user experience. This results in a cyber security team that either develops new security tools/techniques or works with security startups who also understand the unique challenges that we face.”
As Asos has expanded globally, it has continued to invest and grow its capability. It has also adopted an organisational design that is defined by specialism and covers the primary security vectors, such as GRC, IAM and SecOps.
“Fortunately we’re not alone, as we work closely with our data protection officer and tech colleagues as well as follow the advice and guidance offered by the UK’s elite National Cyber Security Centre and National Crime Agency,” Mudie concludes.